+++ This bug was initially created as a clone of Bug #1142150 +++

Description of problem:
bind hangs after reload/GSSAPI Error: The referenced context has expired (Success)

After a while (about once in a week) the bind daemon is in the state hang/zombie. The bind daemon seems to be present and accept requests from the clients, but is not answering any dns requests. Only killing the process with kill -9 can stop the daemon. After starting bind again, it works fine, until the problem occurs again.

Version-Release number of selected component (if applicable):
bind-9.9.4-14.el7.x86_64

How reproducible:
Every time logrotate runs.

Steps to Reproduce:
1. Configure IPA server with DNS
2. Wait till logrotate starts rotating.

Additional info:
It is related to https://fedorahosted.org/bind-dyndb-ldap/ticket/131

--- Additional comment from Tomas Hozza on 2014-09-16 05:54:04 EDT ---

Thank you for your report. I already discussed this issue with Petr Spacek and it should be pretty easy to fix it. It is an error in the dyndb patch adding API for bind-dyndb-ldap. I'll talk to QA guys and try to get it into 7.1.
This problem is caused by two separate bugs: This one and bug 1142152. We need to fix both to completely solve the issue.
There is nothing private in this bug. Publicizing.
This problem is already fixed upstream, see commit https://fedorahosted.org/bind-dyndb-ldap/changeset/80f7663f309c0d0b9cb89ed8f8b38301b207360d/ .
Verified.

bind-dyndb-ldap version:
========================
bind-dyndb-ldap-2.3-7.el6.x86_64

snip from automation log:
=========================
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ LOG ] :: bz1142176: Kerberos ticket is not renewed properly and BIND later deadlocks
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ LOG ] :: kinit as admin with password xxxxxxxx was successful.
:: [ PASS ] :: Kinit as admin user (Expected 0, got 0)
:: [ PASS ] :: Adding a test dns A record (Expected 0, got 0)
:: [ PASS ] :: Looking up for test record using dig (Expected 0, got 0)
:: [ PASS ] :: Changing time one day ahead so lograte can happen (Expected 0, got 0)
:: [ PASS ] :: Running logrotate forcefully (Expected 0, got 0)
:: [ LOG ] :: logrotate ran successfully
:: [ PASS ] :: Command 'ls -la /var/log/message*' (Expected 0, got 0)
:: [ PASS ] :: Looking up for test record using dig after log rotate (Expected 0, got 0)
:: [ PASS ] :: Resetting the date (Expected 0, got 0)
:: [ PASS ] :: Deleting the test record (Expected 0, got 0)
:: [ PASS ] :: Deleting generated log files (Expected 0, got 0)
:: [ LOG ] :: Duration: 14s
:: [ LOG ] :: Assertions: 10 good, 0 bad
:: [ PASS ] :: RESULT: bz1142176: Kerberos ticket is not renewed properly and BIND later deadlocks
Hello Kaleem, please double-check that logrotate actually ran command 'rndc reload' (instead of 'service named restart'). I want to be 100 % sure that the bug was fixed properly. Thank you!
(In reply to Petr Spacek from comment #7)
> Hello Kaleem,
>
> please double-check that logrotate actually ran command 'rndc reload'
> (instead of 'service named restart'). I want to be 100 % sure that the bug
> was fixed properly. Thank you!

As we have figured out that logrotate runs "named reload" which calls up "rndc reload" also, so I have added a check for "named reload" in automation code.

:: [ LOG ] :: bz1142176: Kerberos ticket is not renewed properly and BIND later deadlocks
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ LOG ] :: kinit as admin with password xxxxxxxx was successful.
:: [ PASS ] :: Kinit as admin user (Expected 0, got 0)
:: [ PASS ] :: Adding a test dns A record (Expected 0, got 0)
:: [ PASS ] :: Looking up for test record using dig (Expected 0, got 0)
:: [ PASS ] :: Changing time one day ahead so lograte can happen (Expected 0, got 0)
:: [ PASS ] :: Command 'sleep 60' (Expected 0, got 0)
:: [ PASS ] :: clearing the /var/log/messages file (Expected 0, got 0)
:: [ PASS ] :: Command 'sleep 60' (Expected 0, got 0)
:: [ PASS ] :: Running logrotate forcefully (Expected 0, got 0)
:: [ PASS ] :: Command 'sleep 60' (Expected 0, got 0)
:: [ LOG ] :: logrotate ran successfully
:: [ PASS ] :: Command 'ls -la /var/log/message*' (Expected 0, got 0)
:: [ PASS ] :: File '/var/log/messages-20150521' should contain 'reloading zones succeeded'
:: [ PASS ] :: Looking up for test record using dig after log rotate (Expected 0, got 0)
:: [ PASS ] :: Resetting the date (Expected 0, got 0)
:: [ PASS ] :: Deleting the test record (Expected 0, got 0)
:: [ PASS ] :: Deleting generated log files (Expected 0, got 0)
:: [ LOG ] :: Duration: 3m 9s
:: [ LOG ] :: Assertions: 15 good, 0 bad
:: [ PASS ] :: RESULT: bz1142176: Kerberos ticket is not renewed properly and BIND later deadlocks
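Added example, not part of the bug report or the QA automation: a log check that separates the three outcomes this thread cares about, using the two message strings quoted above ('reloading zones succeeded' and the GSSAPI expired-context error). The function names, exit codes and sample syslog lines are constructed for illustration; the dig lookup in the test run remains the functional check that named is still answering.

```shell
#!/bin/sh
# Added example. Message strings are the two quoted on this page; the
# function names, exit codes and sample log lines are constructed.

# check_reload_log FILE
#   0 = "reloading zones succeeded" seen, no expired-context error after it
#   1 = expired-context error logged after the last successful reload
#   2 = no reload logged (e.g. named was restarted, so the reload path
#       this bug is about was never exercised)
check_reload_log() {
    awk '
        /reloading zones succeeded/ { reloaded = 1; expired = 0 }
        /GSSAPI Error: The referenced context has expired/ {
            if (reloaded) expired = 1
        }
        END {
            if (!reloaded) exit 2
            exit (expired ? 1 : 0)
        }
    ' "$1"
}

# write_samples DIR: create three constructed syslog excerpts in DIR.
write_samples() {
    cat > "$1/fixed.log" <<'EOF'
May 21 03:10:01 ipa named[1234]: reloading configuration succeeded
May 21 03:10:01 ipa named[1234]: reloading zones succeeded
EOF
    cat > "$1/hang.log" <<'EOF'
May 21 03:10:01 ipa named[1234]: reloading zones succeeded
May 21 03:10:02 ipa named[1234]: GSSAPI Error: The referenced context has expired (Success)
EOF
    cat > "$1/restart.log" <<'EOF'
May 21 03:10:01 ipa named[1234]: starting BIND
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in fixed hang restart; do
    rc=0
    check_reload_log "$demo_dir/$f.log" || rc=$?
    echo "$f.log -> $rc"
done
rm -rf "$demo_dir"
```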
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-1259.html